CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-1356

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.6%

CVSS Severity

CVSS v3 Score 3.7

CVSS v2 Score 4.3

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1
http://www.securitytracker.com/id/1035189
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1
http://www.securitytracker.com/id/1035189

Products affected by CVE-2016-1356

Cisco » Firesight System Software » Version: _6.1.0

cpe:2.3:a:cisco:firesight_system_software:_6.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1356

Products

Pricing

Contact Us